Applies To
Product(s): Archer
Version(s): 6.14, 6.13, 6.12
Primary Deployment: On Premises/AWS Hosted/AWS SaaS
Description
Starting 6.12, Archer enables the usage of Modern Authentication with Mail Monitor Transporter Data Feeds and Advanced Workflow Actions by Email.
This feature assists clients in easily moving from Basic (Password-based) authentication to Modern (Token-based) authentication, since Microsoft has announced the deprecation of Basic Authentication for Exchange online customers.
This article describes detailed steps on how to implement Mail Monitor Transporter Data Feeds and Advanced Workflow Actions by Email with Modern Authentication using Exchange protocol.
Resolution
I. Azure Configuration
0EMVM000003CIyl.png
3. Then navigate to the API Permissions in the left pane and add a new permission (select Microsoft Graph > Delegated permissions > choose EWS.AccessAsUser.All. This will be used in Postman under Scope.
0EMVM000003C0Ab.png
4. Go to Redirect URI in the Overview tab and add a new one. Add http://localhost:8080.
0EMVM000003C0XB.png
5. Go to the Overview tab and click on Endpoints to retrieve the Token and Authorization Endpoints (shown below). These will be used later in Postman to get the Refresh Token and in Archer configuration:
0EMVM000003CJDG.png
II. Postman Configuration
Postman is used to retrieve the Refresh Token. Follow the steps below:
1. Open Postman and add a new Collection. Then go to the Authorization tab and choose OAuth 2.0.
0EMVM000003C5VF.png
2. The below parameters need to be filled out.
Below is the list of the needed parameters, their values and how to retrieve each:
0EMVM000003COcj.png
0EMVM000003CMkc.png
0EMVM000004Qynp.png
1. To begin with, we need a registered application for Archer to be created in Azure in order to retrieve four parameters that will be used in Archer. The application shown in the screenshot below is named Mail Monitor DF.
2. Navigate to the Overview tab, you should see the below parameters:
- Application (client) ID
- Directory (tenant) ID
- Client secret > Click on secret (next to Client credentials) and generate a new client secret.
Note: Copy the value, not the secret ID and ensure to save it somewhere as it will be hashed after a few minutes. It will be used later on, in Archer and Postman.
0EMVM000003CIyl.png3. Then navigate to the API Permissions in the left pane and add a new permission (select Microsoft Graph > Delegated permissions > choose EWS.AccessAsUser.All. This will be used in Postman under Scope.
0EMVM000003C0Ab.png4. Go to Redirect URI in the Overview tab and add a new one. Add http://localhost:8080.
0EMVM000003C0XB.png5. Go to the Overview tab and click on Endpoints to retrieve the Token and Authorization Endpoints (shown below). These will be used later in Postman to get the Refresh Token and in Archer configuration:
- For Archer, OAuth 2.0 token endpoint (v1) will be used.
- For Postman, OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) will be used.
0EMVM000003CJDG.pngII. Postman Configuration
Postman is used to retrieve the Refresh Token. Follow the steps below:
1. Open Postman and add a new Collection. Then go to the Authorization tab and choose OAuth 2.0.
0EMVM000003C5VF.png2. The below parameters need to be filled out.
Below is the list of the needed parameters, their values and how to retrieve each:
- Callback URL: http://localhost:8080
- Auth URL: OAuth 2.0 Authorization Endpoint (v2). Retrieved from Azure > Registered Application > Overview > Endpoints.
- Access Token URL: OAuth 2.0 Token Endpoint (v2). Retrieved from Azure > Registered Application > Overview > Endpoints.
- Client ID: Client ID. Retrieved from Azure > Registered Application > Overview.
- Client Secret: Secret value. Retrieved from Azure > Registered Application > Overview > Client Secret.
- Scope: https://outlook.office.com/EWS.AccessAsUser.All offline_access
0EMVM000003COcj.png3. Then click on Generate Access Token. Then a prompt window will appear, scroll down till you find the Refresh Token.
Note:
Note:
- If you cannot find the Refresh Token, then one or more parameter values are incorrect.
- Postman can be installed in a local machine and does not require installation in the Archer servers.
- Any potential connectivity issues experienced within Postman may stem from the connection between Postman and Azure, necessitating further investigation from the client's perspective.
- Postman Application is required in this step since not all options are editable when using the Postman website.
III. Archer Configuration
1. Mail Monitor Transporter Data Feed configuration (using Exchange Protocol):
1. Mail Monitor Transporter Data Feed configuration (using Exchange Protocol):
a. Open the Data Feed (Administration menu > Expand Integration > Click on Data Feeds > Open the Mail Monitor Data Feed).
b. Navigate to the Source Connection tab and fill the below:
b. Navigate to the Source Connection tab and fill the below:
- Mail Server: https://outlook.office365.com/ews/exchange.asmx.
- The below four parameters retrieved from Azure (except for Refresh Token, retrieved from Postman):
- Client ID
- Client Secret
- Token Endpoint: OAuth 2.0 Token Endpoint (v1). Retrieved from Azure > Registered Application > Overview > Endpoints.
- Refresh Token.
0EMVM000003CMkc.png2. Advanced Workflow Actions by Email configuration (using Exchange Protocol):
a. Open Archer Control Panel.
b. Double-click on the Instance name.
c. Navigate to the General tab and go to the Notifications section.
d. Fill out the below:
b. Double-click on the Instance name.
c. Navigate to the General tab and go to the Notifications section.
d. Fill out the below:
- Mail Server: https://outlook.office365.com/ews/exchange.asmx
- The below four parameters retrieved from Azure (except for Refresh Token, retrieved from Postman):
- Client ID
- Client Secret
- Token Endpoint: OAuth 2.0 Token Endpoint (v1). Retrieved from Azure > Registered Application > Overview > Endpoints.
- Refresh Token.
0EMVM000004Qynp.png